We're building an ASP.NET MVC app for deployment on Windows Server 2016 and IIS. We ran the server through the SSL Labs scan and it gave this as one of the results:
This server is vulnerable to the Return Of Bleichenbacher's Oracle Threat (ROBOT) vulnerability. Grade will be set to F from March 2018.
A remedy suggested on their "More info" page was to move to TLS 1.3. However, as this post's comment indicates, 1.3 is in draft mode as of summer 2017.
Has TLS 1.3 become available for Windows servers? If not, is there a timeline for its release?
Best Answer
TLS 1.3 is still in Draft and there is no expected release date as of now. It could be this year, it could be next-year.
You might want to look into the Security Stack Exchange for tips on remediation (if necessary) for the indicated vulnerability. I would suggest verifying that the system is actually vulnerable before going down the remediation steps.